gh0s7/mckernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mcexec: Disable address space layout randomization

Browse Source 
Move the code from mcreboot.sh to mcexec.c.
This commit is contained in:
Masamichi Takagi
2017-07-12 14:11:36 +09:00
parent 0f58e9e77d
commit 6415dcfdcc
3 changed files with 46 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
arch/x86/tools/mcreboot-smp-x86.sh.in
View File

@ -180,11 +180,6 @@ error_exit() {
fi fi
fi fi
;& ;&
aslr_disabled)
if [ -f /tmp/mckernel_randomize_va_space ]; then
cat /tmp/mckernel_randomize_va_space > /proc/sys/kernel/randomize_va_space
fi
;&
initial) initial)
# Nothing more to revert # Nothing more to revert
;; ;;
@ -236,12 +231,6 @@ if [ "$cpus" == "" ]; then
fi fi
fi fi
# Disable address space layout randomization
if [ -f /proc/sys/kernel/randomize_va_space ] && [ "`cat /proc/sys/kernel/randomize_va_space`" != "0" ]; then
cat /proc/sys/kernel/randomize_va_space > /tmp/mckernel_randomize_va_space
echo "0" > /proc/sys/kernel/randomize_va_space
fi
# Remove mcoverlay if loaded # Remove mcoverlay if loaded
if [ "$enable_mcoverlay" == "yes" ]; then if [ "$enable_mcoverlay" == "yes" ]; then
if grep mcoverlay /proc/modules &>/dev/null; then if grep mcoverlay /proc/modules &>/dev/null; then
@ -252,7 +241,7 @@ if [ "$enable_mcoverlay" == "yes" ]; then
if [ -e /tmp/mcos ]; then rm -rf /tmp/mcos; fi if [ -e /tmp/mcos ]; then rm -rf /tmp/mcos; fi
if ! rmmod mcoverlay 2>/dev/null; then if ! rmmod mcoverlay 2>/dev/null; then
echo "error: removing mcoverlay" >&2 echo "error: removing mcoverlay" >&2
error_exit "aslr_disabled" exit 1
fi fi
fi fi
fi fi
@ -262,7 +251,7 @@ if [ "${irqbalance_used}" == "yes" ]; then
systemctl stop irqbalance_mck.service 2>/dev/null systemctl stop irqbalance_mck.service 2>/dev/null
if ! systemctl stop irqbalance.service 2>/dev/null ; then if ! systemctl stop irqbalance.service 2>/dev/null ; then
echo "error: stopping irqbalance" >&2 echo "error: stopping irqbalance" >&2
error_exit "aslr_disabled" exit 1
fi; fi;
if ! etcdir=@ETCDIR@ perl -e 'use File::Copy qw(copy); $etcdir=$ENV{'etcdir'}; @files = grep { -f } glob "/proc/irq/*/smp_affinity"; foreach $file (@files) { $rel = substr($file, 1); $dir=substr($rel, 0, length($rel)-length("/smp_affinity")); if(0) { print "cp $file $etcdir/$rel\n";} if(system("mkdir -p $etcdir/$dir")){ exit 1;} if(!copy($file,"$etcdir/$rel")){ exit 1;} }'; then if ! etcdir=@ETCDIR@ perl -e 'use File::Copy qw(copy); $etcdir=$ENV{'etcdir'}; @files = grep { -f } glob "/proc/irq/*/smp_affinity"; foreach $file (@files) { $rel = substr($file, 1); $dir=substr($rel, 0, length($rel)-length("/smp_affinity")); if(0) { print "cp $file $etcdir/$rel\n";} if(system("mkdir -p $etcdir/$dir")){ exit 1;} if(!copy($file,"$etcdir/$rel")){ exit 1;} }'; then

5
arch/x86/tools/mcstop+release-smp-x86.sh.in
View File

@ -121,10 +121,5 @@ if [ "${irqbalance_used}" != "" ]; then
fi fi
fi fi
# Re-enable ASLR
if [ -f /tmp/mckernel_randomize_va_space ]; then
cat /tmp/mckernel_randomize_va_space > /proc/sys/kernel/randomize_va_space
fi
# Set back default swappiness # Set back default swappiness
echo 60 > /proc/sys/vm/swappiness echo 60 > /proc/sys/vm/swappiness

45
executer/user/mcexec.c
View File

@ -73,6 +73,7 @@
#include "../../config.h" #include "../../config.h"
#include <numa.h> #include <numa.h>
#include <numaif.h> #include <numaif.h>
#include <sys/personality.h>
//#define DEBUG //#define DEBUG
@ -89,6 +90,25 @@
#define __eprintf(format, ...) {fprintf(stderr, "%s: " format, __FUNCTION__, \ #define __eprintf(format, ...) {fprintf(stderr, "%s: " format, __FUNCTION__, \
__VA_ARGS__);fflush(stderr);} __VA_ARGS__);fflush(stderr);}
#endif #endif
#define CHKANDJUMPF(cond, err, format, ...) \
do { \
if(cond) { \
__eprintf(format, __VA_ARGS__); \
ret = err; \
goto fn_fail; \
} \
} while(0)
#define CHKANDJUMP(cond, err, msg) \
do { \
if(cond) { \
__eprint(msg); \
ret = err; \
goto fn_fail; \
} \
} while(0)
#undef DEBUG_UTI #undef DEBUG_UTI
@ -1580,6 +1600,7 @@ opendev()
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
int ret = 0;
struct program_load_desc *desc; struct program_load_desc *desc;
int envs_len; int envs_len;
char *envs; char *envs;
@ -1596,6 +1617,7 @@ int main(int argc, char **argv)
char *shell = NULL; char *shell = NULL;
char shell_path[1024]; char shell_path[1024];
int num = 0; int num = 0;
int persona;
#ifdef USE_SYSCALL_MOD_CALL #ifdef USE_SYSCALL_MOD_CALL
__glob_argc = argc; __glob_argc = argc;
@ -1607,6 +1629,26 @@ int main(int argc, char **argv)
altroot = "/usr/linux-k1om-4.7/linux-k1om"; altroot = "/usr/linux-k1om-4.7/linux-k1om";
} }
/* Disable address space layout randomization */
persona = personality(0xffffffff);
__dprintf("persona=%08x\n", persona);
if ((persona & (PER_LINUX | ADDR_NO_RANDOMIZE)) == 0) {
CHKANDJUMP(getenv("MCEXEC_ADDR_NO_RANDOMIZE"), 1, "personality() and then execv() failed\n");
persona = personality(persona | PER_LINUX | ADDR_NO_RANDOMIZE);
CHKANDJUMPF(persona == -1, 1, "personality failed, persona=%08x, strerror=%s\n", persona, strerror(errno));
error = setenv("MCEXEC_ADDR_NO_RANDOMIZE", "1", 1);
CHKANDJUMP(error == -1, 1, "setenv failed\n");
error = execv("/proc/self/exe", argv);
CHKANDJUMPF(error == -1, 1, "execv failed, error=%d,strerror=%s\n", error, strerror(errno));
}
if (getenv("MCEXEC_ADDR_NO_RANDOMIZE")) {
error = unsetenv("MCEXEC_ADDR_NO_RANDOMIZE");
CHKANDJUMP(error == -1, 1, "unsetenv failed");
}
rlim_stack.rlim_cur = MCEXEC_DEF_CUR_STACK_SIZE; rlim_stack.rlim_cur = MCEXEC_DEF_CUR_STACK_SIZE;
rlim_stack.rlim_max = MCEXEC_DEF_MAX_STACK_SIZE; rlim_stack.rlim_max = MCEXEC_DEF_MAX_STACK_SIZE;
@ -2119,7 +2161,8 @@ int main(int argc, char **argv)
join_all_threads(); join_all_threads();
return 0; fn_fail:
return ret;
} }